* chore: Set permissions for GitHub actions
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much.
* Remove global permissions which are set implicitly
With restrictive settings in the global GitHub Action permission settings
those permissions are given implicitly.
Co-authored-by: neilnaveen <42328488+neilnaveen@users.noreply.github.com>
Co-authored-by: Joakim Sørensen <hi@ludeeus.dev>
Co-authored-by: Stefan Agner <stefan@agner.ch>
* Use anonymous Docker volume as build output
Use anonymous Docker volumes as build output. This makes sure
every build is using a clean output directory.
This reverts commit ff07728fa3.
Removing the .git file from the git submodule is problematic when
updating buildroot: Files deleted stay present in the buildroot
directory (since their origin is no longer known).
The workaround has been introduced to allow building non-git submodule
releases (rel-6) on the same runners. Since rel-7 uses git submodule and
we stay with git submodule for the forseeable future, remove this work
around.
Make sure to overwrite existing files on upload. This allows to trigger
rebuilds and have the latest builds on the os-builds server.
Note: When using GitHub Actions, the release/ directory is cleared at
the beginning (by the checkout action, which has the clean option set
by default which also causes files in .gitignore to be deleted).
If a git submodule is converted to a regular git directory (e.g. when
moving from dev -> rel-6 branch), the directory is not properly cleaned
by the checkout action.
Remove the git submodule .git files which makes sure that git properly
reinitialize subdirectories, even if they have been a submodule before.
See also: https://github.com/actions/checkout/issues/624
* Avoid using tar when uploading dev builds
The GitHub action to upload the images to the os-builds server uses
tar before uploading. This creates unnecessary copies and takes a while.
Switch to a GitHub action which uploads the images using rsync instead.
* Drop buildroot from git repository
Manage buildroot in a separate git repository and use a git submodule
to include it into the HAOS source tree.
This makes it easier to manage changes to buildroot since it can be
managed by git. A buildroot fork repository is being maintained with
the changes we currently have. It makes the buildroot-patches unnecessary
and should make it easier to rebase and upstream changes to buildroot.
* Remove buildroot-patches
Now that buildroot changes are managed in the buildroot fork repository
there is no need to manage patches in a separate directory.
* Initialize git submodule if necessary
* Move build directory to root
This avoids conflict/local modification issues with the buildroot
git submodule.
HAOS builds add a lot of files and things get quickly messy. Use a
directory per build.
Also don't abort the complete build if a single board failed, we still
might be interested in the rest.
* Add development build version part to version number
Add third part in the version number to indicate development builds.
Generate a default version number based on the date, e.g.
"5.6.dev20201124".
* Add GitHub Action workflow for development builds
Add another GitHub workflow for development builds. Make it triggered
only for now. The version number is generated by the workflow and
passed to all builds to make sure all builds have the same development
build version.
* Add documentation
